For businesses large and small, relying on a cloud-based collaboration and productivity suite such as Microsoft Office 365 is becoming the norm. Enhancing productivity in your organisation is vital to get ahead in 2017 - and using Office 365 can help, if it's used right...

WoSign and StartCom to be punished by Google for not maintaining the 'high standards expected of certificate authorities'

Google is to withdraw trust in two Chinese digital certificate authorities in the forthcoming Chrome 61 web browser, due out in a month, as punishment for failing to maintain the standards expected of certificate authorities.

Furthermore, claims Google, both WoSign and its subsidiary StartCom failed to cooperate fully with the inquiry.

"The investigation concluded that WoSign knowingly and intentionally mis-issued certificates in order to circumvent browser restrictions and certificate authority requirements. Further, it determined that StartCom, another certificate authority, had been purchased by WoSign, and had replaced infrastructure, staff, policies, and issuance systems with WoSign's.

"When presented with this evidence, WoSign and StartCom management actively attempted to mislead the browser community about the acquisition and the relationship of these two companies. For both certificate authorities, we have concluded there is a pattern of issues and incidents that indicate an approach to security that is not in concordance with the responsibilities of a publicly trusted certificate authority," wrote Whalley.

In response, Google made the decision to progressively withdraw 'trust' from WoSign and StartCom-sourced certificates, starting in Chrome 56, in a process that will be completed when Chrome 61 comes out next month.

The phasing out of trust for WoSign and StartCom certificates has been conducted over a course of several months in order to give customers of the companies plenty of time to migrate to more trusted certificate authorities.

The 'untrusting' of WoSign and StartCom comes as browser makers try to improve browser security by, for example, deprecating support for certificates based on insecure SHA-1 cryptography, and highlighting websites that lack support for encrypted connections.

Indeed, the investigation into WoSign also found that it had been backdating SSL certificates to get round a 1 January 2016 deadline to stop issuing SHA-1 certificates.

From September, visitors to websites using either WoSign of StartCom certificates will see security warnings, which will almost certainly affect their traffic.

Certificates supposedly guaranteeing the security of web connections, and the certificate authorities that issue them, have come in for increasing levels of security in recent years.